Spammers Are Due For A Surprise

Some of the worst spammers in the United States could be in for a rude surprise shortly, as Unspam Technologies has taken the first steps in tracking them down, with help from the ISPs.

The company filed a lawsuit yesterday in the Eastern District of Virginia seeking the identities of spammers under the U.S. CAN-SPAM Act and the state of Virginia's own anti-spam statute. The suit seeks damages that could potentially reach $1 billion, but Unspam said it would be happy with driving spammers out of business.

The idea of suing spammers may seem as ludicrous as suing God; where do you deliver the subpoena? But Jon Praed, the lawyer on the case, founding partner of the Internet Law Group and one of the top lawyers involved in spam suits, said not to think that way.

"We cannot fight them by treating them as if they are everywhere, because it lulls us into a false acceptance of the inevitability of the outcome," he told internetnews.com. "If we focus on what they are using or make it hard to use those tools, we're going to beat them. We are not fighting Acts of God, we are fighting criminal acts."

Unspam's secret for dealing with these non-deities? Project Honey Pot, a trap for spammers. Spammers use crawlers to crawl through every page on a Website for valid e-mail addresses, and then add these addresses to their database.

Any Website operator can download the Honey Pot software, which sets up a dummy page that gives a fake, unique e-mail address to the crawlers. When spam comes in to that unique address, it's a double gotcha: the IP address of the crawler that harvested the fake e-mail address is known, and Honey Pot also scores the IP address of the sender of the spam.
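The correlation described above, as an added sketch that is not Project Honey Pot's own software: each page view mints a never-reused trap address tied to the visitor's IP, and any mail later sent to that address links the sender's IP back to the harvester. The trap domain, key, class and function names are hypothetical, and the IP addresses are constructed values from documentation ranges.

```python
import hashlib
import hmac
from collections import Counter, defaultdict

# Assumptions (not from the article): trap domain, key and every name here
# are hypothetical; the sample IPs are constructed documentation addresses.
TRAP_DOMAIN = "trap.example.org"
SECRET = b"constructed-demo-key"

class HoneyPot:
    def __init__(self):
        self.issued = {}                      # trap address -> harvester IP
        self.serial = 0                       # makes every address unique
        self.sender_hits = Counter()          # spam sender IP -> messages seen
        self.links = defaultdict(set)         # harvester IP -> sender IPs

    def issue_address(self, visitor_ip):
        """Called when the dummy page is served: mint a never-reused address."""
        self.serial += 1
        msg = f"{visitor_ip}|{self.serial}".encode()
        tag = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]
        address = f"{tag}@{TRAP_DOMAIN}"
        self.issued[address] = visitor_ip
        return address

    def record_spam(self, recipient, sender_ip):
        """Called when mail arrives: tie the sender to the harvester."""
        harvester_ip = self.issued.get(recipient.strip().lower())
        if harvester_ip is None:
            return None                       # never issued, so not a harvest
        self.sender_hits[sender_ip] += 1
        self.links[harvester_ip].add(sender_ip)
        return harvester_ip, sender_ip

def demo():
    pot = HoneyPot()
    a1 = pot.issue_address("192.0.2.10")      # crawler fetches the trap page
    a2 = pot.issue_address("192.0.2.10")      # same crawler, second fetch
    a3 = pot.issue_address("198.51.100.7")    # a different crawler
    results = [
        pot.record_spam(a1, "203.0.113.5"),
        pot.record_spam(a2.upper(), "203.0.113.9"),   # case-mangled recipient
        pot.record_spam(a3, "203.0.113.5"),
        pot.record_spam("nobody@" + TRAP_DOMAIN, "203.0.113.77"),
    ]
    return pot, (a1, a2, a3), results

if __name__ == "__main__":
    print(demo()[2])
```

Because no trap address is ever handed out twice, a single delivery is enough to attribute the harvest, and one harvester can end up linked to several sending IPs.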

As a result, Honey Pot has collected 2.5 million IP addresses of spam senders and 15,000 IP addresses of crawlers. Now comes the one-two punch. The company has released what it calls the http:BL, a blacklist of the 2.5 million compromised computers.

Most spam today is sent out by a compromised computer with a zombie, or bot, installed on it. The users of these computers almost always have no idea they are compromised, because they have no antivirus software installed to stop such infection in the first place.

Well, with the http:BL they will find out. The blacklist can be installed on any Apache-based Website, so when one of the 2.5 million IP addresses with a botnet running on them visits that site, the site can deny them access to the home page and inform the user of their infection.

Punch number two is for the 15,000 IP addresses of crawlers. Those are the people collecting and selling e-mail addresses. Harvesting is a slow process and botnets are expensive to rent by the hour, so the spammers do it themselves, on their own computers with a constant connection, since one is needed.

Gotcha, said Matthew Prince, CEO of Unspam and Project Honey Pot. "Those will be some of the first targets from this litigation," he said. "We've identified very specific targets. In some cases we have a good sense of who these people are. Then we can bring the full weight of the law down on these people who are breaking it."

The worst offender for spam crawlers is the U.S., with 22.7 percent of harvesting coming from U.S. IP addresses. Romania is second and Japan is third, both with less than ten percent of the harvesting addresses.

The lawsuit grants subpoena power, which the ISPs wanted. "In most cases ISPs have said we'd love to share info with you, but to make sure we're not violating privacy of members, we'd rather have a subpoena," said Prince.

Russia has the bad reputation for spam and viruses, but Prince said there is a delineation between spam of U.S. and foreign origin. "I would say that in terms of selling physical products, anything that has to be shipped, they tend to be here. Mortgage types are here too. The ones in other countries are committing straight fraud, like the Nigerian princes or fake bank account," he said.

To that end, Praed has a group that pretends to be customers and responds to all the spam they get, like making purchases. They purchase whatever is being sold to see who fulfills the order and track the money.

"By looking at the problem from both sides, how addresses are collected and who's fulfilling the order and running credit card transaction, we close in and have a much better picture of who the bad guys are," said Prince. "There are a few people who should not be sleeping well tonight."

Praed doesn't expect to squash all spammers but he does hope to make life rotten for a lot of them. "We don't have to catch them. We just have to make it so costly for them that they move on," he said. "We know we have limited resources and it's one lawsuit, but we realize acts of spam are not like Acts of God. By targeting the case on the worst of the worst we think we can have an impact."

IBM also uses a 'honeypot' approach in a worm detection system it's developed.